System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

matched sets. If a client application writes 100 bytes of data using one or more of the socket send() calls, then the server application must read exactly 100 bytes of data using one or more of the socket recv() calls. This is also true for gsk_secure_soc_read() API. 3. Since SSL is a record-oriented protocol, SSL must receive an entire record before it can be decrypted and any data returned to the application. Thus, a select() may indicate that data is available to be read, but a subsequent gsk_secure_soc_read() may hang waiting for the remainder of the SSL record to be received when using blocking I/O. 4. A FIONREAD ioctl() cannot be used to determine the amount of data available for reading by using gsk_secure_soc_read(). 5. SSL will ignore the out-of-band (OOB) data indicator. OOB will not affect the SSL application. OOB will just be data to the SSL protocol. 6. For an SSL enabled socket, which must use a connection-oriented transport service (that is, TCP), a returned value of zero in the amtRead field indicates one of the following: v The partner program has issued a close() for the socket. v The partner program has issued a secure close for the secure session. For example, if the partner program was coded using the GSKit APIs, the partner issued gsk_secure_soc_close(). v The partner program has issued a shutdown() to disable writing to the socket. v The connection is broken and the error was returned on a previously issued socket function. v A shutdown() to disable reading was previously done on the socket. 7. When the secure session uses a blocking socket and GSK_OS400_READ_TIMEOUT was set, GSK_OS400_ERROR_TIMED_OUT will be the return value if no data arrives before the timeout expires. Error Messages Message ID Error Message Text CPE3418 E Possible APAR condition or hardware failure. CPF9872 E Program or service program &1 in library &2 ended. Reason code &3. CPFA081 E Unable to set return value or error code. Related Information v “gsk_secure_soc_close()—Close a secure session” on page 37—Close a secure session v “gsk_secure_soc_init()—Negotiate a secure session” on page 38—Negotiate a a secure session v “gsk_secure_soc_misc()—Perform miscellaneous functions for a secure session” on page 41—Perform miscellaneous functions for a secure session v “gsk_secure_soc_open()—Get a handle for a secure session” on page 44—Get a handle for a secure session v “gsk_secure_soc_write()—Send data on a secure session” on page 60—Send data on a secure session v “gsk_strerror()—Retrieve GSKit runtime error message” on page 62—Retrieve GSK runtime error message API introduced: V5R1 Top | UNIX-Type APIs | APIs by category gsk_secure_soc_startInit()—Start asynchronous operation to negotiate a secure session Syntax 48 System i: Programming Secure Sockets APIs
#include #include int gsk_secure_soc_startInit(gsk_handle my_session_handle, int IOCompletionPort, Qso_OverlappedIO_t * communicationsArea) Service Program Name: QSYS/QSOSSLSR Default Public Authority: *USE Threadsafe: Yes The gsk_secure_soc_startInit() function is used to initiate an asynchronous negotiation of a secure session, using the attributes set for the SSL environment and the secure session. This API starts the SSL handshake to the remote peer and upon successful completion of QsoWaitForIOCompletion() a secure session is established. Parameters my_session_handle (Input) The handle returned from gsk_secure_soc_open() that will be used to negotiate the secure session. int IOCompletionPort (Input) The I/O completion port that should be posted when the operation completes. Qso_OverlappedIO_t * communicationsArea (Input/Output) A pointer to a structure that contains the following information: descriptorHandle (Input) - The descriptor handle is application specific and is never used by the system. This field is intended to make it easier for the application to keep track of information regarding a given socket connection. buffer Not used. bufferLength Not used. postFlag Not used. postFlagResult Not used. fillBuffer Not used. returnValue (Output) - When the negotiate operation completes asynchronously, this field contains indication of success or failure. errnoValue (Output) - When the negotiate operation completes asynchronously and returnValue is GSK_ERROR_IO, this field will contain an errno further defining the failure. operationCompleted (Output) - If the operation is posted to the I/O completion port, this field is updated to indicate that the operation was a GSKSECURESOCSTARTINIT. secureDataTransferSize Not used. bytesAvailable Not used. operationWaitTime Not used. postedDescriptor Not used - Must be set to zero. operationId (Input) - An identifier to uniquely identify this operation or a group of operations. It can be set with the return value from QsoGenerateOperationId() or with an application-defined value. This value is preserved but ignored by all APIs except QsoCancelOperation() and QsoIsOperationPending(). reserved1 (Output) - Must be set to hexadecimal zeroes. reserved2 (Input) - Must be set to hexadecimal zeroes. Secure Sockets APIs 49
Page 1:
System i Programming Secure Sockets
Page 4 and 5:
Note Before using this information
Page 6 and 7: Related Information . . . . . . . .
Page 8 and 9: vi System i: Programming Secure Soc
Page 10 and 11: APIs These are the APIs for this ca
Page 12 and 13: ufID (Input) The following values c
Page 14 and 15: v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17: [GSK_INSUFFICIENT_STORAGE] Not able
Page 18 and 19: gsk_attribute_get_enum()—Get enum
Page 20 and 21: secure session does not start, and
Page 22 and 23: API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25: v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27: [GSK_INVALID_STATE] One of the foll
Page 28 and 29: 8. If GSK_OS400_APPLICATION_ID is s
Page 30 and 31: if validation fails because the cer
Page 32 and 33: gsk_attribute_set_enum()—Set enum
Page 34 and 35: active secure sessions will continu
Page 36 and 37: gsk_attribute_set_numeric_value()
Page 38 and 39: v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41: v “gsk_secure_soc_init()—Negoti
Page 42 and 43: [ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 52 and 53: Error Messages Message ID Error Mes
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69: 6. Socket option SO_SNDTIMEO is not
Page 70 and 71: [EPIPE] [EUNATCH] The specified des
Page 72 and 73: Example The following example shows
Page 74 and 75: Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77: v The CCSID specified in the keyrin
Page 78 and 79: unsigned protocol; /* SSL protocol
Page 80 and 81: Service Program Name: QSOSSLSR Defa
Page 82 and 83: Related Information v “SSL_Create
Page 84 and 85: unsigned int cipherSuiteListLen The
Page 86 and 87: [EBADF] [EBUSY] Permission denied.
Page 88 and 89: ignore attempts by applications to
Page 90 and 91: C Constant System Value TLS_RSA_WIT
Page 92 and 93: ignore attempts by applications to
Page 94 and 95: v Use the system default cipher spe
Page 96 and 97: An error occurred in SSL processing
Page 98 and 99: Parameters int sslreturnvalue (Inpu
Page 100 and 101: Parameters SSLHandle* handle (input
Page 102 and 103: [EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105: Authorities No authorization is req
Page 106 and 107:
struct SSLHandleStr { /* SSLHandleS
Page 108 and 109:
Error Messages Message ID Error Mes
Page 110 and 111:
Name of Header File Name of File in
Page 112 and 113:
Name Value Text Details ENOTWRITE 3
Page 114 and 115:
Name Value Text Details EHOSTDOWN 3
Page 116 and 117:
Name Value Text Details EISDIR 3471
Page 118 and 119:
Name Value Text Details EBADFID 351
Page 120 and 121:
CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123:
IBM Corporation Software Interopera
Page 124 and 125:
SAA SecureWay SOM System i System i
Page 126:
118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

Create successful ePaper yourself

Delete template?

Save as template?